Compare commits

3 Commits

Author SHA1 Message Date
168d22f078 add duf to common 2024-08-13 00:03:11 +02:00
Carlos Sousa
7e314f6e43
cleanup md and old files (#7)
Co-authored-by: Carlos Sousa <me@carlossousa.tech>
2024-08-02 15:45:14 +02:00
Carlos Sousa
2356a1c0b6
update workstation, add personalstation (#6)
* update become handling, add workstation / playstation roles

* add default cfg, rename to personalstation,

* cleanup default packages, clean settings

* update readme

---------

Co-authored-by: Carlos Sousa <me@carlossousa.tech>
2024-08-02 15:24:10 +02:00
45 changed files with 206 additions and 951 deletions

View File

@ -1,17 +0,0 @@
# KeytechWebInterface - Change Log
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](https://semver.org/).
## [0.1.0] - Start
**Note:**
### Added
### Updated
### Deleted
### Fixed

View File

@ -1,35 +1,22 @@
# HomeLab
Scripts used for starting my HomeLab stuff, either from scratch or moving between machines.
### Situation
Scripts used for starting my HomeLab stuff,
***
### Task
## Files and Directories
### ansible/
Ansible playbooks to (re-)build systems, like a personal rig, a HTPC or even the VPS.
Used to get systems to a consistent state
### Result
### bashScripts/
Scripts that are (sometimes) useful.
***
### Note
### ToDo
- Configure .env-fireflyiii
- Add Ansible deployment basics
- Change to single config.sh
- Add limit to backup files
- Automatic Backup from used Images
## ToDo
- [ ] Add VPS role to ansible playbook
Ps.: Feel free to improve :)
## Some Statistics
<img src="https://img.shields.io/github/license/zebrajr/homelab?logo=github"><img src="https://img.shields.io/github/forks/zebrajr/homelab?logo=github"><img src="https://img.shields.io/github/stars/zebrajr/homelab?logo=github">
<br>
<img src="https://img.shields.io/github/last-commit/zebrajr/homelab?logo=gitfs"><img src="https://img.shields.io/maintenance/yes/2021">
<br>
<img src="https://img.shields.io/github/repo-size/zebrajr/homelab?logo=files"><img src="https://img.shields.io/tokei/lines/github/zebrajr/homelab?logo=files">
<br>
<img src="https://img.shields.io/github/issues-raw/zebrajr/homelab?logo=gitbook"><img src="https://img.shields.io/github/issues-closed-raw/zebrajr/homelab?logo=gitbook">
<br>
<img src="https://img.shields.io/github/issues-pr-raw/zebrajr/homelab?logo=git"><img src="https://img.shields.io/github/issues-pr-closed-raw/zebrajr/homelab?logo=git">
Ps.: Feel free to improve :)

View File

@ -0,0 +1,6 @@
#!/bin/bash
# Asks you for the user password
#ansible-playbook -i ../inventory ../playbook.yml -e "target_system=personalstation" --ask-become-pass
# Runs from the encrypted variables
ansible-playbook -i ../inventory ../playbook.yml -e "target_system=personalstation" --vault-password-file ../encrypted_vars/vault_password.txt
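Review bot: The active command on the last line reads the vault password from `../encrypted_vars/vault_password.txt`, a plaintext file inside the repository tree, so the vault is only as well protected as that file. Make sure the path is listed in `.gitignore` and the file is mode 0600, or keep it outside the working copy. Both `-i ../inventory` and the password path are relative, so the script only works when started from its own directory; a `cd "$(dirname "$0")"` at the top would remove that dependency.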

View File

@ -1,51 +1,90 @@
# Usage
- make a copy of the `all.yml.sample` into `all.yml` (and any other role you might want)
- a quick starting point is by looking for `REPLACE_THIS_`
- adapt as needed
- a quick starting point is by looking for `REPLACE_THIS_` and which packages you (don't) want
- run the playbook
- check `10_scripts` for a bootstrap script on using them
***
# ToDo
Tip: Search for `[:TODO:]` or `[:FIX:]` for quicker tasks
## Alpha
1. Configure HTPC: Kodi
2. Configure HTPC: RetroArch
- Add "vps" role to ansible playbooks
## MVP Stage
1. Add External Software to "personal" playbook (vscodium, brave)
2. Change Power Settings (increase time until Power Saver)
3. ~~Fix gnome tweak not being applied to the user correctly~~
***
# Files and Directories
**10_scripts/** : bash scripts to help bootstrap or helping reminding how to run the playbooks
**group_vars/**: This directory is variables that will be applied on every system are present
**roles/** : where the roles are defined. Each system has the "common" role and then one or more extra roles applied to it
**ansible.cfg**: Configuration settings for Ansible goes here.
**inventory**: This is the inventory file.
**playbook**: The main playbook to be used when running it against a system
***
# Adapting the Playbook for yourself
## Select Specific Roles
- htpc
- used for HTPC setup
- htpc : used for HTPC setups, has autologin, remote control support, etc
- personalstation : steam, music, photo editing, etc
- workstation : development work, including VMs via KVM / QEMU, docker, vscodium, etc
- ~~vps : not yet implemented~~
- make your own :)
- workstation
- vps
### Variables used
[:TODO:] Document Variables Used (roles: common, htpc, workstation)
## Variables used for roles
- apt_cache_valid_time
### all
| Variable | Description | Default |
| -------------------------------- | --------------------------------------------------------------------- | ------- |
| apt_cache_valid_time | Sets how long is the cache valid for the apt updates | 3600 |
| update_packages | Sets if the packages should be checked for new versions | true |
| upgrade_packages | Sets if the packages should be upgraded if a new version is available | true |
| install_security_updates | Sets if security updates should be installed | true |
| common_users | | |
| flatpak_common_remotes | Array describing which flatpak remote url should be configured | |
| software_packages_common_present | Sets which apt packages should be present / installed on the system | |
| software_pip_common_present | Sets which pip packages should be present / installed on the system | |
- update_packages
### htpc
| Variable | Description | Default |
| ------------------------------ | ------------------------------------------------------------------------------------------------- | --------- |
| software_packages_htpc_present | Which apt packages should be present | |
| flatpak_packages_htpc_present | Which flatpaks should be present on the system | |
| htpc_main_user | the main user for the HTPC sytem. Auto login, auto start and other settings will be applied to it | htpc_user |
| htpc_main_user_password | the main user password for the system | |
| htpc_shared_directories | which directories should be created (and shared) for the htpc system users | |
| htpc_groups_present | which groups should be present | htpc |
| htpc_users_present | which users should be present in each group | |
- upgrade_packages
- install_security_updates
### workstation
| Variable | Description | Default |
| ------------------------------------- | --------------------------------------------------------------------------------------------- | ------- |
| software_packages_workstation_present | which packages should be present on the system | |
| flatpak_packages_workstation_present | which flatpaks should be present on the system | |
| install_XXXXX | If the package should be installed. Used in software that comes from third party repositories | |
- flatpak_packages_workstation_present
- software_packages_common_present
### personalstation
| Variable | Description | Default |
| Variable | Description | Default |
| ------------------------------------- | ---------------------------------------------- | ------- |
| software_packages_personalstation_present | which packages should be present on the system | |
| flapatk_packages_personalstation_present | which flatpaks should be present on the system | |
- software_packages_htpc_present
- software_packages_workstation_present
## Used Tags
[:TODO:] Expand and Document Tags
[:TODO:] Expand and Document Tags
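Review bot: In the personalstation table the variable is spelled `flapatk_packages_personalstation_present`, while the vars file and the flatpak task in this change use `flatpak_packages_personalstation_present`. Anyone copying the name from the README defines a variable that the task's `is defined` check never sees, so the flatpaks are skipped without an error. The `common_users` row in the `all` table also has no description.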

ansible/ansible.cfg Normal file
View File

@ -0,0 +1,4 @@
[defaults]
inventory = inventory
log_path = /var/log/ansible.log
retry_files_enabled = False
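Review bot: `log_path = /var/log/ansible.log` points at a location an unprivileged user normally cannot create, and Ansible writes this log as the invoking user on the control node, not through become. Either pre-create the file with ownership for that user or use a path under the project or home directory. Since the playbook in this change handles a become password, tasks that touch it should carry `no_log: true` so the value cannot end up in this file.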

View File

@ -21,6 +21,7 @@ software_packages_common_present:
- ansible
- btop
- curl
- duf
- git
- gnome-shell-extensions
- gnome-tweaks
@ -36,6 +37,7 @@ software_packages_common_present:
- vim
- vlc
- wget
- zsh
software_pip_common_present:

View File

@ -1,8 +1,3 @@
# Server system variables
update_packages: true
upgrade_packages: true
install_security_updates: true
software_packages_htpc_present:
- btop
@ -15,7 +10,6 @@ flatpak_packages_htpc_present:
htpc_main_user: htpc_user
htpc_main_user_password: htpc
htpc_shared_directory_group: htpc
htpc_shared_directories:
- /home/shared/media
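Review bot: `htpc_main_user_password: htpc` keeps the account password in plaintext in group_vars, and the value is the same string as the group name on the next line. The playbook already loads `encrypted_vars/encrypted_vars.yml`, so moving this variable there (Ansible Vault) keeps it out of the repository in clear text.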

View File

@ -0,0 +1,10 @@
software_packages_personalstation_present:
- steam
- rclone
- rclone-browser
- clementine
flatpak_packages_personalstation_present:
- name: org.darktable.Darktable
remote: flathub

View File

@ -1,33 +1,22 @@
# Personal system variables
update_packages: true
upgrade_packages: true
install_security_updates: true
run_workstation_tasks: true
software_packages_workstation_present:
- bridge-utils
- clementine
- docker
- docker-compose
- keepassxc
- nmap
- qemu-kvm
- rclone
- rclone-browser
- steam
- ubuntu-restricted-extras
- virt-manager
- zsh
flatpak_packages_workstation_present:
- name: com.vscodium.codium
remote: flathub
- name: com.jgraph.drawio.desktop
remote: flathub
- name: org.gimp.GIMP
remote: flathub
- name: org.gimp.GIMP.Plugin.GMic
remote: flathub
- name: org.gimp.GIMP.Plugin.GMic/x86_64/2-40
remote: flathub
# external repository software
install_brave: true

View File

@ -1,16 +1,48 @@
---
- hosts: local
become: yes
vars:
ansible_become_username: "{{ become_username }}"
ansible_become_pass: "{{ become_password }}"
- hosts: all
become: true
vars_files:
- group_vars/{{ target_system }}.yml
- encrypted_vars/encrypted_vars.yml
- group_vars/{{ target_system }}.yml
roles:
- common
- { role: htpc, when target_system == 'htpc'}
pre_tasks:
- name: pre-task | check if encrypted_vars.yml is present
stat:
path: encrypted_vars/encrypted_vars.yml
register: encrypted_vars_file
- name: pre-task | include encrypted_vars.yml if it exists
include_vars:
file: encrypted_vars/encrypted_vars.yml
when: encrypted_vars_file.stat.exists
- name: pre-task | set become variables if encrypted_vars.yml exists
set_fact:
ansible_become_username: "{{ become_username }}"
ansible_become_pass: "{{ become_password }}"
when: encrypted_vars_file.stat.exists
- hosts: all
become: true
tasks:
- name: run common role
include_role:
name: common
- name: include htpc role
include_role:
name: htpc
when: target_system == 'htpc'
- name: include workstation role
include_role:
name: workstation
when: target_system == 'workstation'
- name: include personalstation role
include_role:
name: personalstation
when: target_system == 'personalstation'
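Review bot: In the pre_tasks, `stat` runs on the managed host while `include_vars` reads `encrypted_vars/encrypted_vars.yml` from the control node, so with `hosts: all` the existence check tests the wrong machine whenever the target is not the controller. The play also sets `become: true`, which means that `stat` already needs privilege escalation before `ansible_become_pass` has been set. Suggest `delegate_to: localhost` with `become: false` on the stat task, and `no_log: true` on the `set_fact` that copies `become_password`.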

View File

@ -1,17 +1,16 @@
- block:
# common dependencies and updates
- import_tasks: software/flatpak_setup.yml
- import_tasks: software/packages_update.yml
# common dependencies and updates
- include_tasks: software/flatpak_setup.yml
- include_tasks: software/packages_update.yml
# Common package installation
- import_tasks: software/packages_apt.yml
- import_tasks: software/packages_pip.yml
# Common package installation
- include_tasks: software/packages_apt.yml
- include_tasks: software/packages_pip.yml
# Common system setup tasks
- import_tasks: system_setup/security_updates.yml
- import_tasks: system_setup/gsettings.yml
# Common system setup tasks
- include_tasks: system_setup/security_updates.yml
- include_tasks: system_setup/gsettings.yml
# Common apt cleanup tasks
- import_tasks: system_setup/apt_cleanup.yml
# Common apt cleanup tasks
- include_tasks: system_setup/apt_cleanup.yml
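Review bot: Switching these lines from `import_tasks` to `include_tasks` makes the includes dynamic, and a dynamic include is only executed when the include task itself is selected; tags inside the included file are not seen beforehand. No tags are visible on the block or on the includes, while task files in this change tag their tasks (for example `tags: common, software`), so a run with `--tags software` would skip the includes and never reach those tasks. Either tag the includes (or the block) to match, or keep `import_tasks` where no runtime condition is needed.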

View File

@ -0,0 +1,3 @@
# Install workstation specific software
- include_tasks: software/packages_flatpak.yml
- include_tasks: software/packages_apt.yml
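Review bot: The comment on the first line says "Install workstation specific software", but the two task files added right after this one are named `personalstation setup | ...`. If this is the personalstation role's task list, the comment should name that role.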

View File

@ -0,0 +1,6 @@
- name: personalstation setup | install software packages
apt:
name: "{{ software_packages_personalstation_present }}"
state: present
when: software_packages_personalstation_present is defined
tags: personalstation, software

View File

@ -0,0 +1,8 @@
- name: personalstation setup | Install Flatpak Apps
flatpak:
name: "{{ item.name }}"
remote: "{{ item.remote }}"
state: present
loop: "{{ flatpak_packages_personalstation_present }}"
when: flatpak_packages_personalstation_present is defined
tags: common, software
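Review bot: `tags: common, software` on this task looks copied from another role; the apt task added alongside it uses `tags: personalstation, software`. With the tags as written, a run limited to `--tags personalstation` would install the apt packages but not the flatpaks. Suggest `tags: personalstation, software` here as well.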

View File

@ -1,3 +1,9 @@
# Install external repositories software
- include_tasks: software/brave_browser.yml
when:
- install_brave is defined
- install_brave == true
# Install workstation specific software
- import_tasks: software/flatpak.yml
- import_tasks: software/packages.yml
- include_tasks: software/flatpak.yml
- include_tasks: software/packages.yml
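Review bot: The condition `install_brave == true` only matches a real boolean; a value passed as `-e install_brave=true` arrives as a string and the Brave tasks are skipped without any message. `when: install_brave | default(false) | bool` covers both the undefined case and string input in one line.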

View File

@ -0,0 +1,18 @@
- name: workstation setup | download Brave Browser GPG Key
get_url:
url: https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
dest: /usr/share/keyrings/brave-browser-archive-keyring.gpg
mode: '0644'
- name: workstation setup | add Brave repository
ansible.builtin.shell: |
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list
- name: workstation setup | update apt cache due to Brave
apt:
update_cache: yes
- name: workstation setup | install Brave Browser
apt:
name: brave-browser
state: present
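Review bot: The "add Brave repository" task pipes `echo` into `tee` through `ansible.builtin.shell`, so it reports changed on every run and rewrites the file unconditionally. `ansible.builtin.apt_repository` with the same `deb [signed-by=...]` line and a `filename` is idempotent and refreshes the apt cache itself, which makes the separate update task unnecessary. The keyring fetched by `get_url` becomes a trust anchor for apt, so adding a `checksum:` to that task would pin it to a known value.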

View File

@ -1,8 +1,8 @@
- name: Install Flatpak Apps
- name: workstation setup | Install Flatpak Apps
flatpak:
name: "{{ item.name }}"
remote: "{{ item.remote }}"
state: present
loop: "{{ flatpak_packages_workstation_present }}"
when: item.name is defined
when: flatpak_packages_workstation_present is defined
tags: common, software
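Review bot: The new `when: flatpak_packages_workstation_present is defined` does not protect the `loop`: Ansible templates the loop expression before it evaluates `when` for each item, so an undefined variable fails the task instead of skipping it. `loop: "{{ flatpak_packages_workstation_present | default([]) }}"` handles the undefined case and lets the `when` be dropped. The personalstation flatpak task added in this change uses the same pattern.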

View File

@ -1,4 +1,4 @@
- name: Install desired Workstation software packages
- name: workstation setup | install software packages
apt:
name: "{{ software_packages_workstation_present }}"
state: present

View File

@ -1,83 +0,0 @@
# HomeLab Notes
## Objectives
- Reduce VPS cost
- Add security to personal selfhosted services via VPN ()
- Simplify re-deployment and improve independency
- Automatic Maintenance and Notification
# Requirements
## Equipment
[local]
- Perseverance - Main Server
- CPU:
- RAM: 16 GB
- OS: Debian
- Storage:
- Curiosity - RaspberryPi 4
- CPU:
- RAM: 4 GB
- OS: Debian - 64 GB SSD
- Storage: RAID1 - 120 GB SSD
- Possibility: Another RaspberryPi 4
[remote]
- Opportunity - Main VPS - Linode
- CPU:
- RAM: 1 GB
- OS: Debian - 10GB SSD
- Storage:
- Pathfinder - VPS - Hetznet
- CPU:
- RAM: 4 GB
- OS:
- Storage:
## PoC
[remote]
- Opportunity - Main VPS
- Docker:
- [ ] VPN Server - OpenVPN
- :heavy_check_mark: Budget - FireflyIII
- :heavy_check_mark: Wiki - DokuWiki
- :heavy_check_mark: Website - Wordpress3
- :heavy_check_mark: Books - Ubooquity
- :heavy_check_mark: Container Manager - Portainer
- [ ] Project Management - Leantime
- :heavy_check_mark: Reverse Proxy - Traefik
- :heavy_check_mark: PP - Travel Map
- Pathfinder - VPS - Hetznet
- Docker:
- :heavy_check_mark: Game Server - Valheim
[local]
- Curiosity - RaspberryPi 4
- Docker:
- [ ] PRM - Monica
- [ ] VPN Client - OpenVPN
- [ ] Configuration Management - Ansible
- [ ] Git - Git
- [ ] DNS Server -
- [ ] Reverse Proxy - Traefik
- [ ] (Synced from Opportunity) Budget - FireflyIII
- [ ] (Synced from Opportunity) Wiki - DokuWiki
- [ ] (Synced from Opportunity) Website - Wordpress3
- [ ] (Synced from Opportunity) Books - Ubooquity
- [ ] (Synced from Opportunity) Container Manager - Portainer
- [ ] (Synced from Opportunity) Project Management - Leantime
- [ ] (Synced from Opportunity) PP - Travel Map
- Perseverance - Main Server
- VM:
- [ ] NAS - TrueCore
## Usage
- [ ] Opportunity serves public available services eg: Website, Wiki, VPN Server
- [ ] Opportunity connects Client via VPN to Curiosity for serving private services eg: Budget, Git, PRM
- [ ] Perseverance serves files to local network
## Backup
- [ ] Curiosity pulls from Opportunity
- [ ] Perseverance pulls from Curiosity
- [ ] Perseverance pushes to BackBlaze B2 / Google Drive

View File

@ -1,4 +0,0 @@
sudo apt update -y && \
sudo apt upgrade -y && \
sudo apt install docker -y && \
sudo apt install docker-compose -y

View File

@ -1,78 +0,0 @@
#!/bin/bash
clear
LOGLOCATION=/root/log.txt
echo ":: Change keyboard layout to DE"
loadkeys de-latin1
echo ":: Change Timezone to Berlin"
# #[TODO] Should be asked from user
timedatectl set-timezone Europe/Berlin
timedatectl set-ntp true
fdisk -l
echo ":: Enter disk to be used "
echo ":: Eg: /dev/vda"
read disk
echo "New Hostname? "
echo "Eg: bsa200arch"
read newhostname
echo "Local Domain?"
echo "Eg: local"
read newdomain
echo "Main User?"
echo "Eg: csa"
read newuserid
#echo "set a password for root "
#passwd
# Create the Paritions
fdisk ${disk} < fdisk_cmds
#gdisk ${disk} < gdisk_cmds
# Format parition and prepares swap
mkfs.ext4 ${disk}2 &> ${LOGLOCATION}
mkswap ${disk}1 &> ${LOGLOCATION}
# Mount the Filesystem
mount ${disk}2 /mnt &> ${LOGLOCATION}
swapon ${disk}1 &> ${LOGLOCATION}
# Install Essential Packages
pacstrap /mnt base linux linux-firmware
# Generate the fstab File
genfstab -U /mnt >> /mnt/etc/fstab
# Set TimeZone
arch-chroot /mnt timedatectl set-timezone Europe/Berlin
# Create locale.conf and set LANG Variable
echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf
# Set Keyboard Layout
echo "KEYMAP=de-latin1" > /mnt/etc/vconsole.conf
# Generate the new locales
arch-chroot /mnt locale-gen
# Setting hostname
echo ${newhostname} > /mnt/etc/hostname
# Adding entries to hosts(5)
echo "127.0.0.1 localhost" >> /mnt/etc/hosts
echo "::1 localhost" >> /mnt/etc/hosts
echo "127.0.1.1 ${newhostname}.${newdomain} ${newhostname}" >> /mnt/etc/hosts
systemctl enable dhcpcd
arch-chroot /mnt passwd
# Install Grub Bootloader
arch-chroot /mnt pacman -Sy grub os-prober --noconfirm -q
arch-chroot /mnt grub-install ${disk}
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg

View File

@ -1,10 +0,0 @@
#!/bin/bash
arch-chroot /mnt pacman -Sy curl \
htop \
tmux \
xfce4 \
xfwm4 \
xfce4-panel \
xfce4-terminal \
--noconfirm -q

View File

@ -1,21 +0,0 @@
o
n
p
1
+4G
y
t
swap
n
p
2
y
t
2
linux
a
2
w

View File

@ -1,17 +0,0 @@
# HomeLab
Scripts used for starting my HomeLab stuff, either from scratch or moving between machines.
### Situation
### Task
- Make a copy of every *-sample without "-sample"
- eg: authorized_keys-sample = authorized_keys
- Edit the values in those files
### Result
### Note
### ToDo

View File

@ -1,5 +0,0 @@
# curiosity
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpqC2Zn9RUPYBwXI7kBkTx5/5ZfwDy5ynudQ7KpzV28r9JiLHxDYlBleZDceINVDFkHVltmYTqwc3ZsmSHQhKhwfSyctwK8i/Q2FBu24fRbrUFEj/ov6RjV+nR+3RIhvsVVwKqzSimWMYD/QTllTn8EZvCz2qx5wLr2BTQx9kfWnYDQQPTgNs/2WWTpud/8/VTpC9geT0nxZw4so9PIC9spvFg15pnq+68fIVd2lkP7PqtAofVLZ22mR5h9F9RCx778GeYTRfllRT6G1pDcpD+VRDFHKWCu63Og0HD3keO+4lhWC1P43IT0ugGQgHzxIAZgOPUuYl2p295IuQ5UlGx rsync@rpi4-20210210
# Zebramain
ssh-rsa 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 rsa-key-20210305

View File

@ -1,12 +0,0 @@
#!/bin/bash
# Don't forget to add the script to anacron for automatic sync
# sudo nano /etc/anacrontab
# Run Every Day / If not executed wait 15 minutes after system boot / Unique Name / Script Location
# 1 15 backupOpportunity.daily /bin/sh /home/docker-user/backupOpportunity.sh
. /home/docker-user/config.sh
mkdir -p $BACKTO/$(date +%F)
find "$BACKFROM" -maxdepth 1 -mindepth 1 -type d \
-execdir tar -cf "$BACKTO/$(date +%F)/"{}-$(date +"%Y-%m-%d--%H-%M").tar {} \;

View File

@ -1,14 +0,0 @@
#!/bin/bash
# Don't forget to add the script to anacron for automatic sync
# sudo nano /etc/anacrontab
# Run Every Day / If not executed wait 15 minutes after system boot / Unique Name / Script Location
# 1 15 backupOpportunity.daily /bin/sh /home/docker-user/backupOpportunity.sh
. /home/docker-user/config.sh
mkdir -p $BACKTO/$(date +%F)
find "$BACKFROM" -maxdepth 1 -mindepth 1 -type d \
-execdir tar -cf "$BACKTO/$(date +%F)/"{}-$(date +"%Y-%m-%d--%H-%M").tar {} \;
# ls -dt */ | tail -n +11 | xargs rm -rf

View File

@ -1,340 +0,0 @@
# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
# Never set it to "testing".
APP_ENV=local
# Set to true if you want to see debug information in error screens.
APP_DEBUG=false
# This should be your email address.
# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
SITE_OWNER=mail@example.com
# The encryption key for your sessions. Keep this very secure.
# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
APP_KEY=SomeRandomStringOf32CharsExactly
# Firefly III will launch using this language (for new users and unauthenticated visitors)
# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
#
# If text is still in English, remember that not everything may have been translated.
DEFAULT_LANGUAGE=en_US
# The locale defines how numbers are formatted.
# by default this value is the same as whatever the language is.
DEFAULT_LOCALE=equal
# Change this value to your preferred time zone.
# Example: Europe/Amsterdam
# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=Europe/Amsterdam
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
# Set it to ** and reverse proxies work just fine.
TRUSTED_PROXIES=
# The log channel defines where your log entries go to.
# Several other options exist. You can use 'single' for one big fat error log (not recommended).
# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
# - Docker + versions <= 4.8.1.8 and before: use "stdout"
# - Docker + versions > 4.8.1.8 : use "docker_out"
# - Docker + versions >= 5.1.1 : use "stack"
# - For everything else (als not Docker) : use 'stack'
LOG_CHANNEL=stack
# Log level. You can set this from least severe to most severe:
# debug, info, notice, warning, error, critical, alert, emergency
# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
# nothing will get logged, ever.
APP_LOG_LEVEL=notice
# Audit log level.
# set to "emergency" if you dont want to store audit logs.
# leave on info otherwise.
AUDIT_LOG_LEVEL=info
# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
# Use "pgsql" for PostgreSQL
# Use "mysql" for MySQL and MariaDB.
# Use "sqlite" for SQLite.
DB_CONNECTION=mysql
DB_HOST=fireflyiiidb
DB_PORT=3306
DB_DATABASE=firefly
DB_USERNAME=firefly
DB_PASSWORD=secret_firefly_password
# MySQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MYSQL_USE_SSL=false
MYSQL_SSL_VERIFY_SERVER_CERT=true
# You need to set at least of these options
MYSQL_SSL_CAPATH=/etc/ssl/certs/
MYSQL_SSL_CA=
MYSQL_SSL_CERT=
MYSQL_SSL_KEY=
MYSQL_SSL_CIPHER=
# PostgreSQL supports SSL. You can configure it here.
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
PGSQL_SSL_MODE=prefer
PGSQL_SSL_ROOT_CERT=null
PGSQL_SSL_CERT=null
PGSQL_SSL_KEY=null
PGSQL_SSL_CRL_FILE=null
# If you're looking for performance improvements, you could install memcached.
CACHE_DRIVER=file
SESSION_DRIVER=file
# If you set either of these to 'redis', you might want to update these settings too
# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
# can be tcp, unix or http
REDIS_SCHEME=tcp
# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise.
REDIS_PATH=
# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
REDIS_PASSWORD=null
# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
REDIS_DB="0"
REDIS_CACHE_DB="1"
# Cookie settings. Should not be necessary to change these.
# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
# the value from a file instead of from an environment variable
COOKIE_PATH="/"
COOKIE_DOMAIN=
COOKIE_SECURE=false
COOKIE_SAMESITE=lax
# If you want Firefly III to mail you, update these settings
# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAIL_MAILER=log
MAIL_HOST=null
MAIL_PORT=2525
MAIL_FROM=changeme@example.com
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
# Other mail drivers:
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MAILGUN_DOMAIN=
MAILGUN_SECRET=
# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
MAILGUN_ENDPOINT=api.mailgun.net
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
MANDRILL_SECRET=
SPARKPOST_SECRET=
# Firefly III can send you the following messages
SEND_REGISTRATION_MAIL=true
SEND_ERROR_MESSAGE=true
SEND_LOGIN_NEW_IP_WARNING=true
# These messages contain (sensitive) transaction information:
SEND_REPORT_JOURNALS=true
# Set a Mapbox API key here (see mapbox.com) so there might be a map available at various places.
# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
MAPBOX_API_KEY=
# The map will default to this location:
MAP_DEFAULT_LAT=51.983333
MAP_DEFAULT_LONG=5.916667
MAP_DEFAULT_ZOOM=6
# Firefly III has two options for user authentication. "eloquent" is the default,
# and "ldap" for LDAP servers.
# For full instructions on these settings please visit:
# https://docs.firefly-iii.org/advanced-installation/authentication
# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
LOGIN_PROVIDER=eloquent
# It's also possible to change the way users are authenticated. You could use Authelia for example.
# Authentication via the REMOTE_USER header is supported. Change the value below to "remote_user_guard".
#
# This will also allow Windows SSO.
#
# If you do this please read the documentation for instructions and warnings:
# https://docs.firefly-iii.org/advanced-installation/authentication
#
# This function is available in Firefly III v5.3.0 and higher.
AUTHENTICATION_GUARD=web
# If the guard is changed, Firefly III uses the 'REMOTE_USER' header as per RFC 3875.
# You can also use another header, like AUTH_USER when using Windows SSO.
# Some systems use X-Auth headers. In that case, use HTTP_X_AUTH_USERNAME or HTTP_X_AUTH_EMAIL
# Depending on your system, REMOTE_USER may need to be changed to HTTP_REMOTE_USER
#
# If this header is 'unexpectedly empty', check out the documentation.
# https://docs.firefly-iii.org/advanced-installation/authentication
#
AUTHENTICATION_GUARD_HEADER=REMOTE_USER
#
# Firefly III uses email addresses as user identifiers. When you're using an external authentication guard
# that doesn't do this, Firefly III is incapable of emailing you. Messages sent to "Bill Gates" always fail.
#
# However, if you set this value, Firefly III will store the value from this header as the user's backup
# email address and use it to communicate. So user "Bill Gates" could still have
# the email address "bill@microsoft.com".
#
# Example value: AUTHENTICATION_GUARD_EMAIL=HTTP_X_AUTH_EMAIL
#
AUTHENTICATION_GUARD_EMAIL=
# It's impossible to log out users who's authentication is handled by an external system.
# Enter a custom URL here that will force a logout (your authentication provider can tell you).
# Setting this variable only works when AUTHENTICATION_GUARD != web
#
CUSTOM_LOGOUT_URI=
# LDAP connection configuration
# OpenLDAP, FreeIPA or ActiveDirectory
# # If you use Docker or similar, you can set this variable from a file by appending it with _FILE
ADLDAP_CONNECTION_SCHEME=OpenLDAP
ADLDAP_AUTO_CONNECT=true
# LDAP connection settings
# You can set the following variables from a file by appending them with _FILE:
# ADLDAP_CONTROLLERS, ADLDAP_PORT, ADLDAP_BASEDN
ADLDAP_CONTROLLERS=
ADLDAP_PORT=389
ADLDAP_TIMEOUT=5
ADLDAP_BASEDN=""
ADLDAP_FOLLOW_REFFERALS=false
# SSL/TLS settings
ADLDAP_USE_SSL=false
ADLDAP_USE_TLS=false
ADLDAP_SSL_CACERTDIR=
ADLDAP_SSL_CACERTFILE=
ADLDAP_SSL_CERTFILE=
ADLDAP_SSL_KEYFILE=
ADLDAP_SSL_CIPHER_SUITE=
ADLDAP_SSL_REQUIRE_CERT=
# You can set the following variables from a file by appending them with _FILE:
ADLDAP_ADMIN_USERNAME=
ADLDAP_ADMIN_PASSWORD=
# You can set the following variables from a file by appending them with _FILE:
ADLDAP_ACCOUNT_PREFIX=
ADLDAP_ACCOUNT_SUFFIX=
# LDAP authentication settings.
ADLDAP_PASSWORD_SYNC=false
ADLDAP_LOGIN_FALLBACK=false
ADLDAP_DISCOVER_FIELD=distinguishedname
ADLDAP_AUTH_FIELD=distinguishedname
# field to sync as local username.
# You can set the following variable from a file by appending it with _FILE:
ADLDAP_SYNC_FIELD=userprincipalname
# You can disable the X-Frame-Options header if it interferes with tools like
# Organizr. This is at your own risk. Applications running in frames run the risk
# of leaking information to their parent frame.
DISABLE_FRAME_HEADER=false
# You can disable the Content Security Policy header when you're using an ancient browser
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
# This is at your own risk.
DISABLE_CSP_HEADER=false
# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
# Do not prepend the TRACKER_URL with http:// or https://
# The only tracker supported is Matomo.
# You can set the following variables from a file by appending them with _FILE:
TRACKER_SITE_ID=
TRACKER_URL=
# Firefly III can collect telemetry on how you use Firefly III. This is opt-in.
# In order to allow this, change the following variable to true.
# To read more about this feature, go to this page: https://docs.firefly-iii.org/support/telemetry
SEND_TELEMETRY=false
#
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
#
ALLOW_WEBHOOKS=false
# You can fine tune the start-up of a Docker container by editing these environment variables.
# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data.
# However if you know what you're doing you can significantly speed up container start times.
# Set each value to true to enable, or false to disable.
# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
# Won't significantly speed up things.
DKR_CHECK_SQLITE=true
# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
# and is up to date.
DKR_RUN_MIGRATION=true
# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
# with the latest fixes (outside of migrations!)
DKR_RUN_UPGRADE=true
# Verify database integrity. Includes all data checks and verifications.
# Disabling this makes Firefly III assume your DB is intact.
DKR_RUN_VERIFY=true
# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
DKR_RUN_REPORT=true
# Generate OAuth2 keys.
# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
# you had previously generated keys already and they're stored in your database for restoration.
DKR_RUN_PASSPORT_INSTALL=true
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
APP_NAME=FireflyIII
ADLDAP_CONNECTION=default
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
CACHE_PREFIX=firefly
PUSHER_KEY=
PUSHER_SECRET=
PUSHER_ID=
DEMO_USERNAME=
DEMO_PASSWORD=
IS_HEROKU=false
FIREFLY_III_LAYOUT=v1
#
# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
# This configuration value WILL NOT HELP.
#
# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
# So when configuring anything WEB related this variable doesn't do anything. Nothing
#
# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
#
APP_URL=http://localhost
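
Review bot: deleting this env template from the tree does not remove it from history, so what matters is whether any committed revision held real values. In the lines visible here the secret-bearing keys (`PUSHER_KEY=`, `PUSHER_SECRET=`, `DEMO_PASSWORD=`) are empty, and `ALLOW_WEBHOOKS` and `SEND_TELEMETRY` are both `false`, so nothing in this part needs rotating. The same check should be made on the portion of the file above these lines.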

View File

@ -1,12 +0,0 @@
# Storage Path for all services
STORAGE_PATH=/mnt/raid1/docker
# Heimdal Configuration
# Assumes STORAGE_PATH as base
HEIMDALCONFIG=/heimdal
# FireflyIII Configuration
# Assumes STORAGE_PATH as a base
FIREFLYEXPORT=/fireflyiii/export
FIREFLYUPLOAD=/fireflyiii/upload
FIREFLYDB=/fireflyiii/db

View File

@ -1,3 +0,0 @@
#!/bin/bash
source .env
mkdir -p "$STORAGE_PATH"/fireflyiii/{export,db,upload}

View File

@ -1,15 +0,0 @@
version: "2.1"
services:
heimdall:
image: ghcr.io/linuxserver/heimdall
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ${HEIMDALCONFIG}:/config
ports:
- 80:80
- 443:443
restart: unless-stopped
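
Review bot: the `image: ghcr.io/linuxserver/heimdall` line has no tag or digest, so each pull resolved to whatever the default tag pointed at that day, and `80:80` / `443:443` publish the container on every host interface. Removing the file is fine, but if the service is recreated under the Ansible roles, pin the image to a version tag or digest and bind the ports to the intended address only.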

View File

@ -1,3 +0,0 @@
export BACKTO="Source of BackUp eg: /mnt/raid1/backups"
export BACKFROM="Destination of BackUp eg: /mnt/raid1/opportunity-clone"
export BACKMAX=5
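
Review bot: the placeholder text on the first two lines is inverted relative to the variable names: `BACKTO` is described as "Source of BackUp" and `BACKFROM` as "Destination of BackUp". Anyone filling the values in by description rather than by name ends up with the directories swapped, which matters if a script applies the `BACKMAX=5` limit to one of them. If this config is carried over anywhere, fix the descriptions to match the names.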

View File

@ -1,4 +0,0 @@
Host opportunity
HostName 10.20.30.40
User docker-user
IdentityFile ~/.ssh/curiosity
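
Review bot: this client config stays readable in history after the deletion, and it records the host address (`10.20.30.40`), the login (`docker-user`) and the key file name (`~/.ssh/curiosity`). Only the path of the key is referenced here, not the key material, so the thing to confirm is that the key file itself was never committed next to it.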

View File

@ -1,5 +0,0 @@
export TARGETUSER="remote user eg: docker-user"
export TARGETIP="remote ip eg: 10.50.20.5"
export TARGETFOLDER="folder to sync from eg: /home/docker-user/"
export SOURCEKEY="RSA private key location eg: /home/rsync/.ssh/curiosity"
export SOURCEFOLDER="destination folder eg: /mnt/raid1/opportunity-clone/"

View File

@ -1,10 +0,0 @@
#!/bin/bash
# Don't forget to add the script to anacron for automatic sync
# sudo nano /etc/anacrontab
# Run Every Day / If not executed wait 15 minutes after system boot / Unique Name / Script Location
# 1 15 syncFromOpportunity.daily /bin/sh /home/rsync/syncFromOpportunity.sh
. ./home/rsync/config.sh
rsync --progress -avz -e "ssh -i ${SOURCEKEY}" $TARGETUSER@$TARGETIP:$TARGETFOLDER $SOURCEFOLDER
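
Review bot: `. ./home/rsync/config.sh` on the sourcing line is a relative path, so it resolves against whatever the working directory is when anacron starts the job, while the anacron comment above it uses the absolute `/home/rsync/...`. Use `. /home/rsync/config.sh` if this script is kept anywhere. On the rsync line, `$TARGETUSER@$TARGETIP:$TARGETFOLDER $SOURCEFOLDER` is unquoted, so a path containing spaces splits into extra arguments; quote each expansion. The comment also runs the file with `/bin/sh` although the shebang says `#!/bin/bash`, so the shebang is never used.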

View File

@ -1,18 +0,0 @@
# Ansible
Playbooks and ansible configs to deploy different systems
### Situation
### Task
- Run the playbook
```
ansible-playbook deploy.yml
```
### Result
### Note
### ToDo

View File

@ -1,3 +0,0 @@
[defaults]
inventory = hosts
log_path = /var/log/ansible.log
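
Review bot: `log_path = /var/log/ansible.log` makes every run write its task output to that file, so any task that handles credentials needs `no_log: true` or its values end up in the log. Dropping the file from the repository does not remove logs already written on the managed machines; if the setting is carried into the new default cfg, restrict the log file's permissions and decide on rotation.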

View File

@ -1,21 +0,0 @@
---
- hosts: localhost
connection: local
become: true
tasks:
- name: install packages
package:
name:
- htop
- keepass2
- notepadqq
- remmina
- name: cleanup package cache
apt:
autoclean: yes
- name: autoremove orphan packages
apt:
autoremove: yes

View File

@ -1,86 +0,0 @@
clear
start=`date +%s`
source secrets.cfg
echo ":: Adding Atom, Cryptomator, Opera to thrusted sources"
wget -q https://packagecloud.io/AtomEditor/atom/gpgkey -O- | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main"
sudo add-apt-repository ppa:sebastian-stenzel/cryptomator
wget -qO- https://deb.opera.com/archive.key | sudo apt-key add -
sudo add-apt-repository "deb [arch=i386,amd64] https://deb.opera.com/opera-stable/ stable non-free"
clear
echo ":: Updating and Upgrading"
sudo apt update -y &> /dev/null
sudo apt upgrade -y &> /dev/null
echo ":: Installing common dependencies"
sudo apt install software-properties-common apt-transport-https wget -y &> /dev/null
echo ":: Installing Atom, Keepass2, Notepadqq, Remmina"
sudo apt install atom -y &> /dev/null
sudo apt install keepassxc -y &> /dev/null
sudo apt install notepadqq -y &> /dev/null
sudo apt install remmina -y &> /dev/null
echo ":: Installing keepass2 utilities"
sudo apt install xdotool -y &> /dev/null
echo ":: Installing Cryptomator, Opera Browser, gparted"
sudo apt install cryptomator -y &> /dev/null
sudo apt install opera-stable -y &> /dev/null
sudo apt install gparted -y &> /dev/null
echo ":: Installing docker, docker-compose and Ansible"
sudo apt install docker -y &> /dev/null
sudo apt install docker-compose -y &> /dev/null
sudo apt install ansible -y &> /dev/null
echo ":: Installing htops, kvm and it's utilities"
sudo apt install htop -y &> /dev/null
sudo apt install qemu-kvm -y &> /dev/null
sudo apt install virt-manager -y &> /dev/null
sudo apt install libvirt-daemon-system -y &> /dev/null
sudo apt install libvirt-clients -y &> /dev/null
sudo apt install bridge-utils -y &> /dev/null
#echo ":: Installing gnome-control-center"
#sudo apt install gnome-control-center gnome-online-accounts
echo ":: Installing rclone, rclone-browser, tmux"
sudo apt install rclone -y &> /dev/null
sudo apt install rclone-browser -y &> /dev/null
sudo apt install tmux -y &> /dev/null
echo ":: Adding user < ${USER} > to VM groups and docker"
sudo adduser ${USER} libvirt
sudo adduser ${USER} kvm
sudo gpasswd -a ${USER} docker
echo ":: Installing MS Fonts"
sudo apt install ttf-mscorefonts-installer
echo ":: Removing Bloatware"
sudo apt remove gnome-mines -y &> /dev/null
sudo apt remove sgt-launcher -y &> /dev/null
sudo apt remove transmission-gtk -y &> /dev/null
sudo apt remove parole -y &> /dev/null
sudo apt remove WebBrowser -y &> /dev/null
sudo apt remove pidgin* -y &> /dev/null
sudo apt remove thunderbird -y &> /dev/null
sudo apt remove hexchat -y &> /dev/null
sudo apt remove xfce4-notes -y &> /dev/null
sudo apt remove imagemagick* -y &> /dev/null
echo ":: Cleaning Up"
sudo apt autoclean -y &> /dev/null
sudo apt auto-remove -y &> /dev/null
end=`date +%s`
runtime=$((end-start))
echo ":: Total Run Time: ${runtime} Seconds."
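
Review bot: the two `apt-key add -` lines put the Atom and Opera keys into the global APT keyring, where they are trusted for every configured repository and not only the one they were fetched for. If this setup is reproduced in the Ansible roles, store each key in its own keyring file and reference it from the matching source entry with `signed-by=`. Two further points in the same hunk: `&> /dev/null` on every `apt install` hides failures, so the script reports a run time even when packages did not install, and `sudo gpasswd -a ${USER} docker` gives that account root-equivalent control of the host through the Docker daemon, which deserves a comment where it is done. `source secrets.cfg` is loaded at the top but nothing in the visible lines uses a value from it.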

View File

@ -1,28 +0,0 @@
clear
start=`date +%s`
echo ":: Updating and Upgrading"
sudo apt update -y &> /dev/null
sudo apt upgrade -y &> /dev/null
echo ":: Installing: Steam, Audacious, VLC"
sudo apt install steam -y &> /dev/null
sudo apt install audacious -y &> /dev/null
sudo apt install vlc -y &> /dev/null
echo ":: Installing: Handbrake, ffmpeg"
sudo apt install handbrake -y &> /dev/null
sudo apt install ffmpeg -y &> /dev/null
echo ":: Installing: xscreensaver-gl, conky"
sudo apt install xscreensaver-gl -y &> /dev/null
sudo apt install conky -y &> /dev/null
echo ":: Cleaning Up"
sudo apt autoclean -y &> /dev/null
sudo apt auto-remove -y &> /dev/null
end=`date +%s`
runtime=$((end-start))
echo ":: Total Run Time: ${runtime} Seconds."

View File

@ -1,12 +0,0 @@
echo ":: Updating"
start=`date +%s`
sudo apt update -y &> /dev/null
echo ":: Upgrading the following:"
sudo apt list --upgradable
sudo apt upgrade -y &> /dev/null
echo ":: Removing Old Packages"
sudo apt autoclean -y
sudo apt autoremove -y
end=`date +%s`
runtime=$((end-start))
echo ":: Total Update Time: ${runtime} seconds!"

View File

@ -1,23 +0,0 @@
# xubuntuDaily
Scripts used to create, maintain or update my daily xubuntu OS.
### Situation
### Task
### Action
004 - ./clipJoiner.sh
### Result
004 - Indexes all files in a directory - and sub-directories - and joins them in a single clip
### Note
### ToDo
- Change from apt-key to trusted.gpg.d ()
## Example Screenshot
![Example Screenshot]()

View File

@ -1,4 +0,0 @@
#!/bin/bash
journalctl --disk-usage
sudo journalctl --rotate
sudo journalctl --vacuum-time=5days

Binary file not shown.
